
1 FSTC’s 2008 Annual Conference
On the Innovative Edge: Successful Strategies for Financial Services Industry Navigators
The Financial Services Technology Consortium
Empowering the Industry Through Innovative Ideas

2 June 18, 2008 VOLUNTARY EMERGENCY PREPAREDNESS: WHAT YOU NEED TO KNOW ABOUT TITLE IX
“TITLE IX, FACT VS. FICTION”
“THE ROLE OF STANDARDS IN TITLE IX”
“TITLE IX, A PRACTITIONER'S POINT OF VIEW”
Panel Moderator

3 June 18, 2008 Voluntary Preparedness
Al Martinez-Fonts – “TITLE IX, FACT VS. FICTION”
Department of Homeland Security, Assistant Secretary, Private Sector Office
Matthew Deane – “THE ROLE OF STANDARDS IN TITLE IX”
Director of Homeland Security Standards, American National Standards Institute (ANSI)
Randy Till – “TITLE IX, A PRACTITIONER'S POINT OF VIEW”
Global Business Continuity Management, MasterCard Worldwide
David Nolan – Moderator
CEO, Fusion Risk Management, Inc.

4 June 18, 2008 VOLUNTARY EMERGENCY PREPAREDNESS
TITLE IX, FACT VS. FICTION
Al Martinez-Fonts, Department of Homeland Security, Assistant Secretary, Private Sector Office

5 June 18, 2008 Background
“Implementing the Recommendations of the 9/11 Commission Act of 2007”
– Public Law 110-53 signed on August 3, 2007
Requirement to develop a National Voluntary Private Sector Preparedness Accreditation and Certification Program.
– Establish a common set of standards for private sector preparedness relating to disaster management, emergency management, and business continuity

6 June 18, 2008 Goal
Improve private sector preparedness in disaster management, emergency management, and business continuity to enhance nationwide resilience in an all hazards environment
“…the government does not, and cannot work alone… private sector organizations play a key role before, during and after an incident.”
National Response Framework (2007)

7 June 18, 2008 Key Program Requirements
Voluntary participation
Provide method to independently certify preparedness of private sector entities
Administered by non-government entity
DHS designate one or more standards based on published target criteria
Integrate/leverage existing regulatory requirements and existing efforts, if feasible
DHS maintain and make public a listing of any public entity certified as being compliant, if that public entity consents to being listed
Small business consideration

8 June 18, 2008 [Program timeline diagram, 2008 to 2012; labels listed below]
Program Phase 1: Program & Target Criteria Development
Program Phase 2: Basic Preparedness and Enhanced Target Criteria Refinement
Program Phase 3: Enhanced Preparedness
Basic (Current) Standards
Enhanced (Future) Standards
Level 1 (Declaration of Conformity)
Level 2 (3rd Party Certification)
Draft Program Concept
Establish Accrediting Body Contract
Existing Preparedness Standards - TBD
Existing Preparedness Programs - TBD (e.g. “Ready.Gov” and others)
New / Revised Preparedness Programs (e.g., updated / improved Ready.Gov and others)
New / Revised Preparedness Standards TBD (Incorporating CIKR / Sector Specific requirements - as required)
Target Criteria for Standards (in work)
– Standards process
– Scope and Policy
– Requirements
– Risk Assessment
– Objectives and Strategies
– Operational and Control Strategies
– Competence and Training
– Communication and Warning Strategies
– Resource Management
– Assessment and Evaluation
– Continuing Review

9 June 18, 2008 Engagement Plan
Sector Coordinating Council reps and others
Partnership for Critical Infrastructure Security
Standards community
International Security Managers Association
Business Executives for National Security
Small Business Administration and other government agencies
FEMA National Advisory Council – Subcommittee for Private Sector Preparedness
Other organizations
Public Notice of draft target criteria (Federal Register)

10 June 18, 2008 VOLUNTARY EMERGENCY PREPAREDNESS
THE ROLE OF STANDARDS IN TITLE IX
Matthew Deane, Director of Homeland Security Standards, American National Standards Institute (ANSI)

11 June 18, 2008 Key Definitions
Standard
A Standard is a Document, Not a Technical Regulation
Document [emphasis added] established by consensus and approved by a recognized body that provides for common and repeated use, rules, guidelines or characteristics for activities or their results aimed at achieving the optimum degree of order…
ISO/IEC Guide 2
Conformity Assessment (accreditation/certification)
Any activity concerned with determining directly or indirectly that requirements are fulfilled
Relevant to requirements for products, services, systems and organizations.
May be conducted by:
- a supplier (first party)
- a buyer (second party)
- an organization independent of both buyer and seller (third party)

12 June 18, 2008 Highlighted Text from PL 110-53 (standards)
“The program developed and implemented under this subsection shall assess whether a private sector entity complies with voluntary preparedness standards.”
“The term ‘voluntary preparedness standards’ means a common set of criteria for preparedness, disaster management, emergency management, and business continuity programs, such as the Standard on Disaster/Emergency Management and Business Continuity Programs (ANSI/NFPA 1600).”
“shall adopt one or more appropriate voluntary preparedness standards that promote preparedness, which may be tailored to address the unique nature of various sectors within the private sector”

13 June 18, 2008 Highlighted Text from PL 110-53 (accreditation/certification)
“A selected entity shall manage the accreditation process and oversee the certification process in accordance with the program established under this subsection and accredit qualified third parties to carry out the certification program established under this subsection.”
“Certification under this subsection shall be voluntary for any private sector entity.”

14 June 18, 2008 Selected Standards and Guidelines
Standards / Guidelines/Frameworks
NFPA 1600 - Standard on Disaster/Emergency Management and Business Continuity Programs - American National Standard - Freely available at: http://www.nfpa.org/assets/files/PDF/NFPA1600.pdf
ISO/PAS 22399 - Guideline for incident preparedness and operational continuity management - International Organization for Standardization (ISO) Publicly Available Specification (PAS)
BS 25999 – Business Continuity Management - British Standard - Two parts
ASIS International – Organizational Resilience: Preparedness and Continuity Management - ASIS draft guideline document
Other National Standards - Standards Australia, SPRING Singapore (TR 19)
CERT® Resiliency Engineering Framework - Partnership between Carnegie Mellon and FSTC http://www.cert.org/resiliency_engineering/framework.html
Emergency Management Accreditation Program (EMAP) Standards

15 June 18, 2008 "Framework for Voluntary Preparedness"
Alfred P. Sloan Foundation funded initiative to enable stakeholder dialogue with the U.S. DHS on the considerations and strategies relevant to the private sector preparedness certification program under Public Law 110-53
Series of roundtables coordinated by NYU International Center for Enterprise Preparedness (InterCEP)
Key deliverable is the Framework prepared by an interdisciplinary group consisting of representatives from:
– ASIS International
– Disaster Recovery Institute International (DRII)
– National Fire Protection Association (NFPA)
– Risk and Insurance Management Society, Inc. (RIMS)

16 June 18, 2008 Key Points from "Framework"
In order for the private sector to adequately and voluntarily establish preparedness programs, it should be given the flexibility to choose from various standards, guidelines and best practices that best meet their needs
Report identifies core common elements of a preparedness program and provides a crosswalk of existing standards, guidelines and best practices
Businesses and organizations should be afforded the flexibility to build on their existing programs
Small businesses in particular need to tailor their preparedness and resilience strategies to their financial realities
A major barrier to preparedness and resilience management is a lack of knowledge and tools, particularly in the case of small businesses

17 June 18, 2008 VOLUNTARY EMERGENCY PREPAREDNESS
TITLE IX, A PRACTITIONER'S POINT OF VIEW
Randall J. Till, Global Business Continuity Management, MasterCard Worldwide

18 June 18, 2008 Voluntary Emergency Preparedness
Considerations:
Demonstrates the importance of preparedness and readiness in today's business climate
– Government involvement in private sector preparedness
– Promotes the need for strong resiliency practices
– Expands preparedness and continuity planning as a required business practice for all organizations

19 June 18, 2008 Voluntary Emergency Preparedness
Considerations:
Voluntary certification will help consolidate and solidify standards and practices
– Provides a measure to assess and validate business preparedness and readiness
– Builds on existing standards and proven accreditation/certification processes
– Provide flexibility to address preparedness needs of various size businesses and industry sectors
– Option for self-assessment of organizations

20 June 18, 2008 Voluntary Emergency Preparedness
Concerns:
Size and complexity of certification process
– Simple enough to encourage smaller companies
– Significant enough to influence larger organizations
– Flexible enough to encourage ongoing readiness preparation following certification
Financial Institutions are already heavily regulated
– Increases complexity and requirements for compliance
– Cost and drain on resources to achieve certification
– Voluntary certification becomes mandatory - business partners require certification

21 June 18, 2008 Voluntary Emergency Preparedness
Concerns (continued):
Business Continuity lacks strong industry standards and consistent planning methodologies
– Difficult to define single body of knowledge/standards
– How to define clear standards and requirements with inconsistent planning practices
Difficult to measure effectiveness of an organization's readiness and preparedness
– Preparedness practices are institutionalized, practiced and executable
International certification process to address requirements for global organizations

22 June 18, 2008 Voluntary Emergency Preparedness
Opportunities:
Financial industry can provide leadership and direction in defining voluntary certification processes
Consolidation and standardization of preparedness practices and standards
– Common set of criteria for preparedness
Drives readiness for a larger sector of the business population providing greater overall resiliency
Provides a method to assess readiness as part of supply chain management

23 June 18, 2008 Voluntary Emergency Preparedness
Opportunities:
Ability to demonstrate value-add services for the organization
Convergence of risk management practices to address overall "operational risk management"
Evolution of "maturity models" providing a more holistic approach for managing operational risks and resiliency
– Provides a framework for achieving certification and improving resiliency practices
– FSTC/CERT Resiliency Engineering Framework

24 June 18, 2008 Panel Discussion
Al Martinez-Fonts – “Title IX, Fact vs. Fiction”
Department of Homeland Security, Assistant Secretary, Private Sector Office
Matthew Deane – “Standards and Title IX, What you need to know”
Director of Homeland Security Standards, American National Standards Institute (ANSI)
Randy Till – “Title IX, A Practitioner's Point of View”
Global Business Continuity Management, MasterCard Worldwide

25 FSTC’s 2008 Annual Conference
On the Innovative Edge: Successful Strategies for Financial Services Industry Navigators
The Financial Services Technology Consortium
Empowering the Industry Through Innovative Ideas

